[Esapi-user] WAF

Jim Manico jim.manico at owasp.org
Sun Mar 20 22:50:27 EDT 2011

I agree, ripping it out now is a bad idea since we are so far along.

I saw we deprecate it for ESAPI 2.0 GA (starting next RC), and also
start owasp-java-waf as a separate stand-alone project. It's solid code
- I really do want to see it continually developed.

All in favor? If so, I'll set up the new project.

- Jim

> This is very risky to remove before the 2.0 GA Release. Can we just
> deprecate it for GA and remove it in a subsequent version?
> This isn't the first time this conversation has come up.
> On 3/9/11 6:03 PM, "Christian Heinrich" <christian.heinrich at owasp.org>
> wrote:
>> Jim,
>> On Tue, Mar 8, 2011 at 5:16 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> I agree 100% that the ESAPI WAF should be split out into its own
>>> project. Arshan (the original author) asked for this in the first place!
>>> How about we start a new project: owasp-java-waf to work on this code
>>> standalone?
>>> Arshan, are you ok with this sir?
>> The proposed transitional roadmap would be:
>> 1. Import the current Java WAF code from the current ESAPI RC into a
>> separate (i.e. new) SVN repository.
>> 2. Remove the Java WAF code from the next release of ESAPI RC and
>> update the changelog referencing the new repository.
>> 3. Mark the outstanding issues regarding WAF on the ESAPI Java as
>> closed but assigned to the new repository.
>> I haven't heard from Arshan yet - would it be possible to simply give
>> him commit access to the new repository if we don't receive a
>> response?
> Chris Schmidt
> ESAPI Project Manager (http://www.esapi.org)
> ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
> Blog: http://yet-another-dev.blogspot.com

More information about the Esapi-user mailing list